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REMARKS/ARGUMENTS 



In the Final Office Action of October 11, 2006, the Patent Office examined claims 
118-162, original claims 1-117 having been previously cancelled, hi the Final Office 
Action, the Patent Office raised a 35 USC §112, second paragraph, objection to 
independent claims 118 and 140. In addition, the Patent Office rejected pending claims 
1 1 8-125 and 1 35-139 under 35 USC §102, as being anticipated by Cunningham, U.S. Pat. 
No. 6,219,786, rejected claims 126-128, 140-152, and 159-162 under 35 USC § 103, as 
being obvious over Cunningham in view otEsbensen, U.S. Pat. No. 5,796,942, rejected 
claims 129-134 under 35 USC § 103, as being obvious over Cunningham in view of 
Edgett, [citation unknown], and claims 153-158 under 35 USC § 103, as being obvious 
over Cunningham in view of Esbensen and Edgett. 

In response to the above objections and rejections, Applicant has amended 
independent claims 118 and 140, as well as a number of the dependent claims, which 
were necessary primarily due to the substantive amendments made to the independent 
claims. Claim 139 and 143 have been cancelled and no new claims have been added. 

First, with regard to the Section 1 12 objection, Applicant has deleted the negative 
limitation in independent claims 118 and 140, which explained that the identifier upon 
which the present invention relies is "hot an IP address." Although this is true and 
inherent from a plain reading of the specification, as would be appreciated by one skilled 
in the art, Applicant has voluntarily deleted this negative limitation from the claims, 
which should now render the Section 1 12 objection as moot. 

With regard to the Section 102 and 103 rejections, all of which are based on 
Cunningham alone or in combination with other references, Applicant has amended 
independent claims 118 and 140 in such a manner that they now more clearly define the 
nature and scope of the present invention and in a manner that clearly distinguishes the 
present invention from the teachings of Cunningham alone or in combination with any 
known or cited art. 

Specifically, Cunningham discloses and teaches a method and system for 
monitoring and controlling access to a network by non-intrusivety monitoring network 
traffic. See Cunningham, Col. 6. lines 46-48 (emphasis added). Cunningham explains 



12 



PAGE 1 «20 * RCVD AT 1/1 1/2007 6:08:55 PM [Eastern Standard Time] * SVR:USPTO^XRF-5/20 * DNIS:2738300 * CSID:4043644578 * DURATION (mm-ss):0M4 



Jan-11-2007 06:13pm Frora-MORRI S MANNING MARTIN 4043844578 T-259 P. 017/020 F-862 

Appl.No. 10/065,775 

RCE and Amdt dated January 1 1 , 2007 

Reply to Final Office Action of October 1 1 , 2006 

that network access decisions can be made by intercepting and examining low level 
information that is contained in a conventional data packet, such as "(1) the Ethernet 
addresses of the source and destination nodes; (2) the IP addresses of the source and 
destination nodes; and (3) the IP port number of the destination node." Id. at CoL 7, lines 
7-9. Cunningham also explains that more sophisticated network access decisions can be 
made by examining "higher level" information obtained from the data fields of such 
packets. Specifically, "the packets that are specific to a particular node-to-node 
transmission can be collected and assembled. . ..The workstation then has the capability of 
piecing together the fragments of a multi-packet signal/ 7 Id. at CoL 7, lines 21-26 
(emphasis added). Thus, "[h]igher level decisions can be formed only after a connection 
has been established and the actual content has begun to flow over that connection," Id. 
at CoL 8, lines 3-5 (emphasis added). Thus, Cunningham teaches how to make intelligent 
use of information that is already included in all conventional data packets, such as 
Ethernet addresses, IP addresses, and IP ports. Alternatively, Cunningham teaches how 
to make high level or more sophisticated decisions about network access by collecting 
and assembling a plurality of data packets in a communication stream and piecing 
together the user or application data that can only be obtained by assembling and 
analyzing a plurality of packets. In either case, Cunningham merely takes advantage of 
the standard information obtained from data packets that have been constructed by 
conventional Ethernet and TCP/IP communication software at the source node. 
Cunningham does not teach, disclose, or suggest the addition of any non-conventional or 
further information or identifiers into such data packets. In fact, to the contrary, 
Cunningham boasts that a <c key point in the system and method is that the individual 
workstations 20 and 22 that are accessed by users can be managed without installing any 
software components specifically on those workstations." Id. at CoL 6, lines 8-12. Thus, 
Cunningham does not provide any mechanism for inserting any additional data into 
conventional data packets to create a modified data packet with additional information 
that can be used for tracking or network access purposes. 

In stark contrast, the present invention discloses and specifically claims systems 
and methods that are intrusive upon conventional data packets and that enable network 
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access decisions to be made based on such "additional" information (i.e., "identifiers"), 
which are intrusively inserted into the headers of conventional data packets, for tracking, 
identification, and network access determination purposes. This approach allows 
additional information to be included in the header of a data packet while maintaining full 
compliance with the packet header standards and without altering the packet header 
format, so as not to disrupt normal packet processing at the destination node. Such 
additional information, such as a user identifier, is not otherwise available from headers 
in conventional data packets, which would include Ethernet addresses, TP addresses, and 
TCP port numbers. Although it might be possible to obtain similar information, such as a 
user identifier, through examination of the data payload of the data packets, such 
information is not consistently available and would typically only be obtainable by 
collecting and assembling multiple data packets. Further, although it might be possible to 
embed additional information in the data payload of the data packets, such information 
would be potentially disruptive to processing the data packets at the destination node. 
The present invention allows the insertion of such additional information into and 
extraction from the header of a single packet, without requiring the collection or 
assembly of data packets and without disrupting the processing of data packets at the 
destination node. Finally, such insertion of identifiers causes the data packet to be 
modified from its original state. Such modification is clearly intrusive and quite 
distinguishable from the teachings of Cunningham. In light of the claim amendments and 
remarks submitted herein, reliance upon Cunningham, as a Section 102 or 103 reference, 
is no longer warranted. 

For example, amended independent claim 118 is directed to a method for 
intrusion prevention associated with a communication attempt between a source node and 
a destination node, comprising the steps of: after the construction of hut before the 
sending of a data packet from the source node to the destination node, as p art nf &g 
communication attempt intercep tin g the data packet at the source node : assigning one or 
more identifiers to the communication attempt, wherein the identifiers include at least 
one of a user identifier (UID) and a system identifier (SID), wherein the UU> is 
associated with a specific authorized user of the source node who is identified as 
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initiating the communication attempt and wherein the SID is associated with computer 
hardware of the source node making the communication attempt; inserting the one or 
more identifiers assigned to the communication attempt into a header of the data packet 
to create a modified data packet : and, thereafter, intercepting the modified data packet 
within the computer network after it has been sent by the source node but_before it 
reaches the destination node; extracting the one or more identifiers from the header of the 
modified data packet : and permitting the communication attempt by the source node with 
the destination node as a function of the one or more identifiers extracted from the header 
of the modified data packet . 

Similarly, amended independent claim 140 is directed to a method of monitoring 
an electronic communicationbetween a source node and a destination node within a 
computer network, comprising the steps of: after the construction of but before the 
sending of a data packet from the source node to the destination node as part of the 
electronic communication, intercepting the data packet at the source node : assigning one 
or more identifiers to the electronic communication; inserting the one or more identifiers 
assigned to t he electronic communication into a header of the data packet to create a 
modified data packet; and intercepting the modified data packet within the computer 
network after it has been sent by the source node but before it reaches the destination 
node; extracting the one or more identifiers from the header of the modified data packet; 
and, thereafter, logging the one or more identifiers extracted from the header of the 
modified data packet in a database; and forwarding the modified data packet to the 
destination node. 

As stated above, it is respectfully submitted that Cunningham does not teach, 
suggest, or make obvious the steps o£ after the construction of but before the sending of a 
data packet from the source node to the destination node as part of the electronic 
communication, intercepting the data packet at the source node, assiflmnfj one or more 
identifiers, and iqs^itiflg the one or more identifiers assigned to the electronic 
communication into a header of the data packet to create a modified data p acker 

Thus, for at least the above reasons, independent claims 118 and 140 define over 
the ait cited by the Patent Office to date, including Cunningham, whether considered 
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alone or in combination with any of the other art known or cited. For these reasons, 
independent claims 118 and 140, and all of their dependent claims, now stand in 
condition for allowance. 

CONCLUSION 

It is respectfully submitted that currently presented claims 118-138, 140-142 and 
144-162, as amended, are not anticipated by or rendered obvious by any of the art cited 
by the Patent Office to date, including Cunningham, whether considered alone or in 
combination with any of the other art cited. For these reasons, Applicant respectfully 
submits that amended claims 118-138, 140-142 and 144-162 define over the prior art and, 
thus, stand in condition for allowance, which action is earnestly solicited. 

This communication is responsive to the Final Office Action mailed on October 
11, 2006, and is filed in conjunction with a Request for Continued Examination (RCE). 
The appropriate RCE fee is included herewith. Since no extensions of time are due and 
since no new claims have been added, it is respectfully submitted that, other than the 
RCE fee, no additional fees are currently due or owing. However, if our assessment is in 
error, please charge any fees that might be due or credit any overpayment to our Deposit 
Account No. 50-3537. 

Respectfully submitted by 
Mo5)»<^anning & Martin, LLP 

January 11,2007 




Morris, Manning and Martin, LLP 
1600 Atlanta Financial Center 
3343 Peachtree Road, N.E. 
Atlanta Georgia 30326 
404-504-7674 Direct 
404-233-7000 Main 
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